diff --git a/misc/userscripts/qute-1pass b/misc/userscripts/qute-1pass
index c6afa9f77..83c9690bc 100755
--- a/misc/userscripts/qute-1pass
+++ b/misc/userscripts/qute-1pass
@@ -63,17 +63,21 @@ EOF
 }
 
 URL=$(echo "$QUTE_URL" | awk -F/ '{print $3}' | sed 's/www.//g')
+TOKEN_TMPDIR="${TMPDIR:-/tmp}"
+TOKEN_CACHE="$TOKEN_TMPDIR/1pass.token"
+
 echo "message-info 'Looking for password for $URL...'" >> "$QUTE_FIFO"
 
-if [ -f "$HOME/tmp/1pass.token" ]; then
-    TOKEN=$(cat "$HOME/tmp/1pass.token")
+if [ -f "$TOKEN_CACHE" ]; then
+    TOKEN=$(cat "$TOKEN_CACHE")
     if ! op signin --session="$TOKEN" --output=raw > /dev/null; then
         TOKEN=$(rofi -dmenu -password -p "1password: "| op signin --output=raw) || TOKEN=""
-        echo "$TOKEN" > "$HOME/tmp/1pass.token"
+        echo "$TOKEN" > "$TOKEN_CACHE"
     fi
 else
     TOKEN=$(rofi -dmenu -password -p "1password: "| op signin --output=raw) || TOKEN=""
-    echo "$TOKEN" > "$HOME/tmp/1pass.token"
+    install -m 600 /dev/null $TOKEN_CACHE
+    echo "$TOKEN" > "$TOKEN_CACHE"
 fi